feat(client): add ssl context cache and config #1452
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | --- | |
| # yamllint disable rule:truthy rule:truthy rule:line-length | |
| name: "CI" | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - develop | |
| - stable | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| INFRAHUB_DB_USERNAME: neo4j | |
| INFRAHUB_DB_PASSWORD: admin | |
| INFRAHUB_DB_ADDRESS: localhost | |
| INFRAHUB_DB_PORT: 7687 | |
| INFRAHUB_DB_PROTOCOL: bolt | |
| INFRAHUB_BROKER_ADDRESS: message-queue | |
| INFRAHUB_LOG_LEVEL: CRITICAL | |
| INFRAHUB_IMAGE_NAME: "opsmill/infrahub" | |
| INFRAHUB_IMAGE_VER: "local" | |
| PYTEST_XDIST_WORKER_COUNT: 4 | |
| INFRAHUB_TEST_IN_DOCKER: 1 | |
| VALE_VERSION: "3.7.1" | |
| GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }} | |
| METRICS_ENDPOINT: ${{ secrets.METRICS_ENDPOINT }} | |
| jobs: | |
| prepare-environment: | |
| uses: ./.github/workflows/define-versions.yml | |
| # ------------------------------------------ Check Files Changes ------------------------------------------ | |
| files-changed: | |
| name: Detect which file has changed | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| outputs: | |
| documentation: ${{ steps.changes.outputs.documentation_all }} | |
| documentation_generated: ${{ steps.changes.outputs.documentation_generated_all }} | |
| helm: ${{ steps.changes.outputs.helm_all }} | |
| python: ${{ steps.changes.outputs.python_all }} | |
| yaml: ${{ steps.changes.outputs.yaml_all }} | |
| poetry_files: ${{ steps.changes.outputs.poetry_files }} | |
| github_workflows: ${{ steps.changes.outputs.github_workflows }} | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: Check for file changes | |
| uses: dorny/paths-filter@v3 | |
| id: changes | |
| with: | |
| token: ${{ github.token }} | |
| filters: .github/file-filters.yml | |
| # ------------------------------------------ All Linter ------------------------------------------ | |
| yaml-lint: | |
| if: needs.files-changed.outputs.yaml == 'true' | |
| needs: ["files-changed"] | |
| runs-on: "ubuntu-latest" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: "Setup environment" | |
| run: "pip install yamllint==1.35.1" | |
| - name: "Linting: yamllint" | |
| run: "yamllint -s ." | |
| python-lint: | |
| if: needs.files-changed.outputs.python == 'true' | |
| needs: ["files-changed"] | |
| runs-on: "ubuntu-latest" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: "Setup environment" | |
| run: "pip install ruff==0.11.0" | |
| - name: "Linting: ruff check" | |
| run: "ruff check ." | |
| - name: "Linting: ruff format" | |
| run: "ruff format --check --diff ." | |
| markdown-lint: | |
| if: | | |
| needs.files-changed.outputs.documentation == 'true' || | |
| needs.files-changed.outputs.github_workflows == 'true' | |
| needs: ["files-changed"] | |
| runs-on: "ubuntu-latest" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: "Linting: markdownlint" | |
| uses: DavidAnson/markdownlint-cli2-action@v20 | |
| with: | |
| config: .markdownlint.yaml | |
| globs: | | |
| **/*.{md,mdx} | |
| !changelog/*.md | |
| action-lint: | |
| if: needs.files-changed.outputs.github_workflows == 'true' | |
| needs: ["files-changed"] | |
| runs-on: "ubuntu-latest" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: Check workflow files | |
| run: | | |
| bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) | |
| ./actionlint -color | |
| shell: bash | |
| env: | |
| SHELLCHECK_OPTS: --exclude=SC2086 --exclude=SC2046 --exclude=SC2004 --exclude=SC2129 | |
| documentation: | |
| defaults: | |
| run: | |
| working-directory: ./docs | |
| if: | | |
| always() && !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') && | |
| needs.files-changed.outputs.documentation == 'true' | |
| needs: ["files-changed", "yaml-lint", "python-lint"] | |
| runs-on: "ubuntu-22.04" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| with: | |
| submodules: true | |
| - name: Install NodeJS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'npm' | |
| cache-dependency-path: docs/package-lock.json | |
| - name: "Install dependencies" | |
| run: npm install | |
| - name: "Setup Python environment" | |
| run: "pip install invoke toml" | |
| - name: "Build docs website" | |
| run: "invoke docs" | |
| validate-generated-documentation: | |
| if: | | |
| always() && !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') && | |
| (needs.files-changed.outputs.python == 'true') || (needs.files-changed.outputs.documentation_generated == 'true') | |
| needs: ["prepare-environment", "files-changed", "yaml-lint", "python-lint"] | |
| runs-on: "ubuntu-22.04" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| with: | |
| submodules: true | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: "Setup Python environment" | |
| run: | | |
| pipx install poetry==${{ needs.prepare-environment.outputs.POETRY_VERSION }} | |
| poetry config virtualenvs.create true --local | |
| poetry env use 3.12 | |
| - name: "Install dependencies" | |
| run: "poetry install --no-interaction --no-ansi --extras ctl" | |
| - name: "Setup environment" | |
| run: "pip install invoke toml" | |
| - name: "Validate generated documentation" | |
| run: "poetry run invoke docs-validate" | |
| validate-documentation-style: | |
| if: | | |
| always() && !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| needs: ["files-changed", "yaml-lint", "python-lint"] | |
| runs-on: "ubuntu-22.04" | |
| timeout-minutes: 5 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| with: | |
| submodules: true | |
| # The official GitHub Action for Vale doesn't work, installing manually instead: | |
| # https://github.com/errata-ai/vale-action/issues/103 | |
| - name: Download Vale | |
| run: | | |
| curl -sL "https://github.com/errata-ai/vale/releases/download/v${VALE_VERSION}/vale_${VALE_VERSION}_Linux_64-bit.tar.gz" -o vale.tar.gz | |
| tar -xzf vale.tar.gz | |
| env: | |
| VALE_VERSION: ${{ env.VALE_VERSION }} | |
| - name: "Validate documentation style" | |
| run: ./vale $(find ./docs -type f \( -name "*.mdx" -o -name "*.md" \) ) | |
| unit-tests: | |
| env: | |
| # workaround for Rich table column width | |
| COLUMNS: 140 | |
| strategy: | |
| matrix: | |
| python-version: | |
| - "3.9" | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| - "3.13" | |
| if: | | |
| always() && !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') && | |
| needs.files-changed.outputs.python == 'true' | |
| needs: ["prepare-environment", "files-changed", "yaml-lint", "python-lint"] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: "Setup environment" | |
| run: | | |
| pipx install poetry==${{ needs.prepare-environment.outputs.POETRY_VERSION }} --python python${{ matrix.python-version }} | |
| poetry config virtualenvs.create true --local | |
| pip install invoke toml codecov | |
| - name: "Install Package" | |
| run: "poetry install --all-extras" | |
| - name: "Mypy Tests" | |
| run: "poetry run mypy --show-error-codes infrahub_sdk/" | |
| - name: "Unit Tests" | |
| run: "poetry run pytest --cov infrahub_sdk tests/unit/" | |
| - name: "Upload coverage to Codecov" | |
| run: | | |
| codecov --flags python-${{ matrix.python-version }} | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| # The pytest-cov plugin doesn't quite work with content that is | |
| # auto-imported by our own infrahub pytest plugin, this workaround | |
| # reports the missing lines | |
| - name: "Report coverage for pytest-plugin" | |
| if: matrix.python-version == '3.12' | |
| run: | | |
| source $(poetry env info --path)/bin/activate | |
| coverage run --source=infrahub_sdk -m pytest tests/unit/pytest_plugin | |
| coverage report -m | |
| coverage xml | |
| codecov --flags python-filler-${{ matrix.python-version }} | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| # ------------------------------------------ Integration Tests ------------------------------------------ | |
| integration-tests-latest-infrahub: | |
| if: | | |
| always() && !cancelled() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') && | |
| needs.files-changed.outputs.python == 'true' | |
| needs: ["prepare-environment", "files-changed", "yaml-lint", "python-lint"] | |
| runs-on: | |
| group: "huge-runners" | |
| timeout-minutes: 30 | |
| steps: | |
| - name: "Check out repository code" | |
| uses: "actions/checkout@v5" | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: "Set environment variables" | |
| run: | | |
| RUNNER_NAME=$(echo "${{ runner.name }}" | grep -o 'ghrunner[0-9]\+' | sed 's/ghrunner\([0-9]\+\)/ghrunner_\1/') | |
| echo "PYTEST_DEBUG_TEMPROOT=/var/lib/github/${RUNNER_NAME}/_temp" >> $GITHUB_ENV | |
| - name: "Setup environment" | |
| run: | | |
| pipx install poetry==${{ needs.prepare-environment.outputs.POETRY_VERSION }} | |
| poetry config virtualenvs.create true --local | |
| pip install invoke toml codecov | |
| - name: "Install Package" | |
| run: "poetry install --all-extras" | |
| - name: "Integration Tests" | |
| run: | | |
| poetry run pytest --cov infrahub_sdk tests/integration/ | |
| - name: "Upload coverage to Codecov" | |
| run: | | |
| codecov --flags integration-tests | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| # NOTE: Disabling this test for now because it's expected that we can't start the latest version of infrahub | |
| # with the current shipping version of infrahub-testcontainers | |
| # integration-tests-local-infrahub: | |
| # if: | | |
| # always() && !cancelled() && | |
| # !contains(needs.*.result, 'failure') && | |
| # !contains(needs.*.result, 'cancelled') && | |
| # needs.files-changed.outputs.python == 'true' && | |
| # (github.base_ref == 'stable' || github.base_ref == 'develop') | |
| # needs: ["prepare-environment", "files-changed", "yaml-lint", "python-lint"] | |
| # runs-on: | |
| # group: "huge-runners" | |
| # timeout-minutes: 30 | |
| # steps: | |
| # - name: "Check out repository code" | |
| # uses: "actions/checkout@v5" | |
| # - name: "Extract target branch name" | |
| # id: extract_branch | |
| # run: echo "TARGET_BRANCH=${{ github.base_ref }}" >> $GITHUB_ENV | |
| # - name: "Checkout infrahub repository" | |
| # uses: "actions/checkout@v5" | |
| # with: | |
| # repository: "opsmill/infrahub" | |
| # path: "infrahub-server" | |
| # ref: ${{ github.base_ref }} | |
| # submodules: true | |
| # - name: Set up Python | |
| # uses: actions/setup-python@v5 | |
| # with: | |
| # python-version: "3.12" | |
| # - name: "Setup git credentials prior dev.build" | |
| # run: | | |
| # cd infrahub-server | |
| # git config --global user.name 'Infrahub' | |
| # git config --global user.email '[email protected]' | |
| # git config --global --add safe.directory '*' | |
| # git config --global credential.usehttppath true | |
| # git config --global credential.helper /usr/local/bin/infrahub-git-credential | |
| # - name: "Set environment variables prior dev.build" | |
| # run: | | |
| # echo "INFRAHUB_BUILD_NAME=infrahub-${{ runner.name }}" >> $GITHUB_ENV | |
| # RUNNER_NAME=$(echo "${{ runner.name }}" | grep -o 'ghrunner[0-9]\+' | sed 's/ghrunner\([0-9]\+\)/ghrunner_\1/') | |
| # echo "PYTEST_DEBUG_TEMPROOT=/var/lib/github/${RUNNER_NAME}/_temp" >> $GITHUB_ENV | |
| # echo "INFRAHUB_IMAGE_VER=local-${{ runner.name }}-${{ github.sha }}" >> $GITHUB_ENV | |
| # echo "INFRAHUB_TESTING_IMAGE_VER=local-${{ runner.name }}-${{ github.sha }}" >> $GITHUB_ENV | |
| # echo "INFRAHUB_TESTING_DOCKER_IMAGE=opsmill/infrahub" >> $GITHUB_ENV | |
| # - name: "Build container" | |
| # run: | | |
| # cd infrahub-server | |
| # inv dev.build | |
| # - name: "Setup environment" | |
| # run: | | |
| # pipx install poetry==${{ needs.prepare-environment.outputs.POETRY_VERSION }} | |
| # poetry config virtualenvs.create true --local | |
| # pip install invoke toml codecov | |
| # - name: "Install Package" | |
| # run: "poetry install --all-extras" | |
| # - name: "Integration Tests" | |
| # run: | | |
| # echo "Running tests for version: $INFRAHUB_TESTING_IMAGE_VER" | |
| # poetry run pytest --cov infrahub_sdk tests/integration/ | |
| # - name: "Upload coverage to Codecov" | |
| # run: | | |
| # codecov --flags integration-tests | |
| # env: | |
| # CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |